Cyber Security
Why do MSSPs struggle, even in the cyber boom?
By Simon Ratcliffe
Being longer in the tooth can be useful if you remember the lessons you learned and can apply the principles to new problem domains. We know experience is what you get just after you needed it and, like jumping from a plane without a parachute, you don’t often get a chance to go back and try it again.
When I was at university, my Economics lecturer spent many hours describing economic theories that all made sense at the time. He had us leaning forward, hanging on to his every word, until, nearing the end of the lecture, he would reveal case studies in which, at some time and in some place, progressive economists and politicians put these theories into practice, only for them eventually to be dispelled as complete bunkum. This was usually followed by coups, wars, depressions, or worse still, the emergence of actors and egoists who rose up as citizens shifted their hopes from pursuing the literati to courting the glitterati. They once called it ‘dismal science’ because every theory appeared to lead to a grim future, but there is a lot to learn and apply to the field of information security.
Having been part of the early Managed Security Service Provider movement of the late nineties, many years before this information security lark attained the ‘cyber security’ label, my cohort had a dream to find a way to provide detection and response services at the scale and unit cost to make them accessible to all and save us from the scourge of OSHI*. (Organised criminals, State actors, Hacktivists, Insiders… and today, with the raised concern for Terrorism, it may be time for a new acronym*).
40 | Australian Cyber Security Magazine
Many clients had missed the importance of the PDR mantra (Protection, Detection and Response). They had missed the critical knowledge that all successful security systems rely on three pillars, and information security is no exception. We knew their over-investment in protection technologies would continue to fail, leaving timely detection and effective response to stand between them being on their game or being left out of the game. But how could we create protection, detection and response capability for all, at a consumable price?
The 1700s economist and author, Adam Smith, spoke of limiting government intervention; that ‘laissez faire’, or an ‘invisible hand’, would allow market forces, the self-interested actions of the people, to create an equilibrium where supply met demand, to arrive at a consumable market price. To date this has not happened in the information security industry, and unfortunately the only invisible hand at play has continued to erode the Australian economy through the clandestine taking of intellectual property, investment decisions and state secrets.
The reasons are many, but one challenge has certainly been the absence of what economists relied on to test their theories: ‘ceteris paribus’, the concept of everything else remaining the same. The threat landscape has constantly changed, and the service providers and large enterprises have been caught out. They of course had good intentions. They set a course to build their SOCs, SIEMs and sensors with people and